Static task
static1
Behavioral task
behavioral1
Sample
85976e96abd5987e03dd92ebc85a7a80_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target
85976e96abd5987e03dd92ebc85a7a80_JaffaCakes118
Size
480KB
MD5
85976e96abd5987e03dd92ebc85a7a80
SHA1
13dc53e48c06405269a99d25941821deba13c5b4
SHA256
843332724092e4b31828555fb9ed67bfd62cffd1908917b223d5bf1a8f17745d
SHA512
a1031d4cd43f0ec9f894e0d457e687de0a62cd5cde6f5c2c2902d5bc85bebbc94b087fa5cf93f73aa1982cb63ddcf097161f3295821165b650fbdecae9f225c8
SSDEEP
12288:cE++BhtjJKOlxuQsxlAEVtkCCq8M74wASUHl9S:G+BY4DqlAMk0z7yV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 85976e96abd5987e03dd92ebc85a7a80_JaffaCakes118
Files
85976e96abd5987e03dd92ebc85a7a80_JaffaCakes118.exe windows:4 windows x86 arch:x86
cebec99455df8a7950134c0a94ee54f9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CallWindowProcA
kernel32
GetProcAddress
CopyFileA
LoadLibraryA
msvbvm60
ord516
ord626
__vbaCopyBytes
ord669
ord593
ord595
ord598
ord631
ord632
ord525
ord527
ord529
DllFunctionCall
ord600
__vbaExceptHandler
ord711
ord606
ord607
ord608
ord716
ord717
ProcCallEngine
ord535
ord537
ord644
ord645
ord570
ord648
ord681
ord100
ord616
ord617
ord580
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 404KB - Virtual size: 403KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ